Google Discovers Fourth Zero-Day in Less Than a Month

May 24, 2024 at 11:42AM

Google has addressed a critical high-severity security flaw, CVE-2024-5274, in its Chrome browser. The bug, a type confusion vulnerability in the V8 engine, poses threats such as code execution or access control bypasses. Two researchers, Clément Lecigne and Brendon Tiszka, reported the flaw. It marks Google’s fourth zero-day vulnerability this month. Affected users are urged to update their Chrome browser.

Key Takeaways:

– Google’s Chrome team released an update to address a high-severity security flaw (CVE-2024-5274) that is being actively exploited.
– The bug is classified as critical and is a type confusion vulnerability in the V8 JavaScript and WebAssembly engine.
– Type confusion vulnerabilities can allow threat actors to modify variables to trigger unintended actions, potentially leading to a range of security risks such as code execution and access control bypasses.
– The vulnerability was reported by two researchers from Google Threat Analysis Group and Chrome Security.
– This is the fourth zero-day vulnerability Google has patched this month, with other vulnerabilities including CVE-2024-4947, CVE-2024-4761, and CVE-2024-4671.
– Google recommends that Windows and macOS users upgrade to Chrome version 125.0.6422.112/.113 and Linux users to version 125.0.6422.112; users of Chromium-based browsers should apply fixes as they become available.
